MessageLabs documented a drop in spam eight times less than normal in the 12 hours immediately following the takedown.
(Credit: MessageLabs)Internet hosting site McColo disappeared on Tuesday. Along with it went thousands of pieces of spam, thanks, in part, to investigative work by Washington Post reporter Brian Krebs.
For about four months, security experts have been collecting data about McColo Corp., a San Jose, Calif.-based Web hosting service that may have been used by by the cyber underground, according to the The Washington Post. Krebs said that the McColo hosting company had been responsible for up to 75 percent of all spam spent.
Security vendor MXLogic said it was seeing about a 50 percent decline in spam volume as a result on Wednesday.
Jose Nazario of Arbor Networks, a company that monitors botnet activity, speculated that McColo vanished at around 9 a.m. Eastern time on November 10. Botnets are frequently used to relay spam, and McColo may have hosted some of the command and control servers necessary to coordinate spam campaigns.
Adam O'Donnell, writing on theZDNet Zero Day blog, speculates that the spammers might regroup in Eastern Europe.
The Post credits Benny Ng, director of marketing for Hurricane Electric, an upstream provider for McColo, for pulling the plug on the company. Another provider, Global Crossing, declined to comment, telling Krebs the company "communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity."
Something similar happened in September when another hosting site, Intercage/Ativo, was shut down by its upstream providers.
This week we've seen two Internet events that are more alike than dissimilar. On Wednesday, an Estonian court convicted a 20-year Russian for his part in last spring's distributed denial-of-service (DDoS) attacks on that nation. On Thursday, word of mounting DDoS attacks on the Church of Scientology spread. Ultimately, both events could have larger repercussions.
The attack on the Estonian Web sites was prompted by an Estonian government plan to move a statue and grave sites honoring Russian-Estonians who died fighting the Nazis. Gadi Evron of Beyond Security said at last year's Black Hat USA that he found only one case of unique code used in the attacks which lasted from April 27 through mid-May. Evron said the attack had the appearance of an Internet flash mob, and now, with the conviction, it appears to have been loosely organized by a group of college kids. Evron cited evidence of at least one e-mail inciting Internet action on a particular date at a particular time during Estonian attacks.
A similar event is happening now. DDoS attacks against the Church of Scientology appear to be coming from a loosely organized group of individuals calling themselves Anonymous or Anon. The attacks, according to Jose Nazario of Arbor Networks, appear to use common code and early attacks originated from one IP address.
As with the events in Estonia, as news spread, more individuals may now be targeting the Church of Scientology in a sort of "me too" frenzy. A Web site called Project Chanology continues to detail present and future actions by Anonymous and others.
The idea that a handful of skilled individuals could decide to "take out" a particular group or company or government for any reason is a very disturbing one indeed.
Consolidation in security keeps on coming, with Arbor Networks stepping up to the plate with plans to acquire Ellacoya Networks.
Arbor, which announced a definitive agreement to acquire Ellacoya on Thursday, is looking to boost its network security and service offerings to Internet service providers.
While the combined company will maintain separate products lines, Arbor is aiming to infuse its network security monitoring and reporting capabilities into Ellacoya's platform and Ellacoya's deep packet inspection technologies will be mixed into Arbor's products. The end goal is dish up technology that can detect and address a range of network-based attacks from the core of an ISP's network to the edge of the broadband service.
"With the addition of the Ellacoya technology and customer base, Arbor Networks will be in a unique position to deliver both broad and deep visibility to protect and manage networks," Jack Boyle, Arbor's chief executive, said in a statement.
Arbor, which hopes to close the deal by the end of this month, is the latest player in the consolidation of the security industry, which has seen such whopper deals as IBM's $1.3 billion acquisition of Internet Security Systems and EMC's megamerger with RSA Security for nearly $2.1 billion.
Terms of the Arbor and Ellacoya deal were not disclosed. But it's safe to say the pending acquisition of privately held Ellacoya is far from a billion-dollar deal.
- prev
- 1
- next
